Our mission is to make device management simple, secure, and pretty damn quick.
We use a blend of top-tier security measures and evaluations of our applications, systems, and networks to safeguard your data — guaranteed.
At PDQ we take pride in our commitment to security. That’s why we adhere to industry standard security practices and policies, backed up by a handful of compliance certifications and attestations.
We are in process or already compliant with the following security frameworks:
SOC 2: PDQ is SOC 2 compliant and will continue to undergo routine audits for updated reports. Request the latest SOC 2 report.
As a company made up of former sysadmins, we absolutely get the significance of security. That's why we're always in the loop with the latest security practices and industry standards.
PDQ enforces a role-based access control (RBAC) policy over defined subjects and objects. PDQ controls access based upon defined roles and users authorized to assume such roles. By doing so, PDQ ensures that user access to in-scope system components is based on job role and function.
PDQ ensures that, at minimum, the RBAC policy establishes and enforces RBAC on the following elements:
Core business suite
Software development system
Cloud service providers (CSPs)
Other business-critical systems
PDQ has established a vulnerability monitoring and scanning program designed to monitor and scan for internal and external vulnerabilities in systems and hosted applications at least weekly (or more randomly) to identify, quantify, and prioritize vulnerabilities. PDQ also identifies and implements code analysis tools in the organization’s development pipeline to regularly scan both static and dynamic codebases to check for vulnerabilities. Processes ensure that the scope of any vulnerability is defined and documented prior to the initiation of a vulnerability assessment.
PDQ also ensures that all findings from vulnerability scans are analyzed and documented on a weekly basis and remediated in accordance with the organization's risk tolerance. PDQ shares information obtained from the vulnerability monitoring process and control assessments with key stakeholders to help eliminate similar vulnerabilities in other systems.
All PDQ employees are required to complete mandatory security training on a regular basis. This includes (but is not limited to) training on the following topics:
Mobile device security
Social media use
Below is a listing of the sub-processors we utilize and the purpose for each engagement.
Chargebee: Payment processing
Cloudflare: Cloud infrastructure
Google Analytics / Adwords: Analytics, metrics, and marketing
Google Cloud: Cloud infrastructure
HubSpot: Customer support
Microsoft Azure: Cloud infrastructure
Microsoft Office 365: Email
NewRelic: Service performance monitoring
ProfitWell: Financial analytics
PowerBI: Business intelligence
Sentry: Cloud infrastructure
Sendgrid: Email automation
Salesforce: Customer support
Stripe: Payment processing
Twilio: Cloud infrastructure
UserVoice: Customer support
Zapier: Business automation
ZenDesk: Customer support
Our suite of secure products
While the software solutions we provide at PDQ are not security products in and of themselves, we believe they play a crucial part in the security strategy of any organization — helping sysadmins securely manage devices. Learn more in each product’s in-depth security guide.